Hacked - need info

Posted on 2002-05-13
Last Modified: 2010-04-13
Below is a snippet of my logs.  I believe somebody is trying to hack into my server.  I'm not sure if it succeeded or not.

My server is denying them access to the files requested by reporting error 404.  What is error 500?

What about the default.ida?  What is an .ida file?

Thanks.

~~~~~~

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-05-09 06:11:49
#Fields: time c-ip cs-method cs-uri-stem sc-status
06:13:41 202.98.62.200 GET /scripts/root.exe 404
06:13:42 202.98.62.200 GET /MSADC/root.exe 404
06:13:44 202.98.62.200 GET /c/winnt/system32/cmd.exe 404
06:13:44 202.98.62.200 GET /d/winnt/system32/cmd.exe 404
06:13:46 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:46 202.98.62.200 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
06:13:47 202.98.62.200 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
06:13:47 202.98.62.200 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
06:13:48 202.98.62.200 GET /scripts/..Á../winnt/system32/cmd.exe 404
06:13:48 202.98.62.200 GET /scripts/winnt/system32/cmd.exe 404
06:13:49 202.98.62.200 GET /winnt/system32/cmd.exe 404
06:13:49 202.98.62.200 GET /winnt/system32/cmd.exe 404
06:13:51 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:51 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:52 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:52 202.98.62.200 GET /scripts/..%2f../winnt/system32/cmd.exe 404
08:23:22 202.111.154.51 GET /default.ida 200
Question by: jchew

6 Comments
Author Comment

by:jchew
ID: 7005994
BTW, just FYI, I'm using Windows 2000 Professional with IIS. I constantly check for updates at the MS update site and have applied all the latest SPs.

Accepted Solution

by:
jhance earned 200 total points
ID: 7006037
This is the NIMDA probing your system.  But you're mostly OK.  If the response is 4XX or 500, it's a FAILURE and nothing happened.

But you have the default.ida in place:

>>>08:23:22 202.111.154.51 GET /default.ida 200

FIX THIS NOW.  You don't need this file anyway, just DELETE it.

Be sure you are up to date on all Microsoft HotFixes for your version of Windows.
Expert Comment

by:geoffryn
ID: 7006498
I agree with jhance.  The fact that your server returned 200 for default.ida is a BAD thing.  This just looks like a probe; if the log entry had looked like this:

08:23:22 202.111.154.51 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 200

then you might have a serious problem.
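The two answers above amount to a triage rule for IIS W3C logs: a request for cmd.exe, root.exe, a path-traversal sequence, or an .ida file is a worm-style probe; a 4xx or 500 (HTTP Internal Server Error) answer means the server served nothing; a 200 means the probed file really exists and should be removed; and a long query string on an .ida request is the pattern geoffryn flags as serious. The following Python script is an added example that is not from this thread: it parses the log lines from the question and applies exactly those rules. The final log line (source 203.0.113.7, a documentation-range address, with a 40-character query) and the LONG_QUERY threshold are constructed assumptions, not data from the page.

```python
"""Triage IIS 5.0 W3C extended log lines for worm-style probes.

Added example, not code from the thread. The rules encode the answers given
above: a probe answered with 4xx/500 served nothing; a probe answered with 200
hit a real file; a long query string on an .ida request is the pattern to
worry about.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote

# Lines 1-10 are copied from the question's log; the last line is CONSTRUCTED
# (203.0.113.7 is a documentation address) to exercise the long-query branch.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-05-09 06:11:49
#Fields: time c-ip cs-method cs-uri-stem sc-status
06:13:41 202.98.62.200 GET /scripts/root.exe 404
06:13:44 202.98.62.200 GET /c/winnt/system32/cmd.exe 404
06:13:46 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:47 202.98.62.200 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
06:13:52 202.98.62.200 GET /scripts/..%2f../winnt/system32/cmd.exe 404
08:23:22 202.111.154.51 GET /default.ida 200
08:24:01 203.0.113.7 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 200
"""

LONG_QUERY = 16  # assumption: a query this long on an .ida sample file is not normal use


@dataclass
class Finding:
    ip: str
    uri: str
    status: int
    kind: str       # which probe family matched
    served: bool    # True when the server answered 2xx for the probed resource
    severity: str   # 'info' (nothing served), 'high' (file exists), 'critical'


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended format: the '#Fields:' directive names the columns."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line: skip rather than guess
        records.append(dict(zip(fields, values)))
    return records


def classify(rec: Dict[str, str]) -> Optional[Finding]:
    """Match one record against the probe families discussed in the thread."""
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "-")
    if "?" in stem:                    # some loggers leave the query in the stem
        stem, query = stem.split("?", 1)
    if query == "-":
        query = ""
    status = int(rec.get("sc-status", "0"))
    # Decode %5c / %2f and normalise backslashes so traversal sequences are visible.
    decoded = unquote(stem).replace("\\", "/").lower()
    kind = None
    if decoded.endswith(("/cmd.exe", "/root.exe")):
        kind = "shell-probe"           # Nimda / Unicode-traversal style requests
    elif "/../" in decoded + "/":
        kind = "traversal"
    elif decoded.endswith((".ida", ".idq")):
        kind = "ida-probe"             # Index Server ISAPI sample files
    if kind is None:
        return None
    served = 200 <= status < 300
    if kind == "ida-probe" and len(query) >= LONG_QUERY:
        severity = "critical"          # long .ida query: the case geoffryn warns about
    elif served:
        severity = "high"              # the probed file exists and was returned
    else:
        severity = "info"              # 4xx/5xx: request failed, nothing served
    return Finding(rec["c-ip"], stem, status, kind, served, severity)


def triage(text: str) -> Dict[str, object]:
    """Return served probes, failed probes, and a per-source probe count."""
    served: List[Finding] = []
    failed: List[Finding] = []
    sources: Dict[str, int] = {}
    for rec in parse_w3c(text):
        finding = classify(rec)
        if finding is None:
            continue
        sources[finding.ip] = sources.get(finding.ip, 0) + 1
        (served if finding.served else failed).append(finding)
    return {"served": served, "failed": failed, "sources": sources}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["served"]:
        print(f"{f.severity.upper():8} {f.ip} {f.uri} -> {f.status} ({f.kind})")
    print("failed probes:", len(result["failed"]), "sources:", result["sources"])
```

Run against the sample, only the two default.ida requests land in the "served" bucket (the bare one as high, the constructed long-query one as critical); all five cmd.exe/root.exe requests, including the one answered 500, are reported as failed probes from the same source.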
Author Comment

by:jchew
ID: 7007520
I tried the following

http://my.server/default.ida

and got the following reply

The IDQ file default.ida could not be found.

Does this mean I'm safe?  I have updated my Win2k with all the MS critical updates.

BTW, can you please tell me what an .ida file is?

Thanks.


Expert Comment

by:jhance
ID: 7007566
It's a sample file that is included with IIS.  It is NOT needed for normal IIS web site operations and it is a known security risk.  Delete the file and be safe.
Author Comment

by:jchew
ID: 7007602
Thanks for the info...